Unsoundness from overriding vals #16092

howtonotwin · 2022-09-24T00:28:07Z

Tested on Dotty 3.2.0 and 3.2.1-RC2 (both via Scastie). What it says on the tin: overriding a val basically makes paths containing that val unstable. I searched the Dotty issue tracker for this issue and didn't find it, but I was expecting that a (serious?) soundness failure would be there. So this might be a duplicate.

Code

trait X {
  type T
  def process(t: T): Unit
}

class Z(val x: X, val t: x.T) {
  def process(): Unit = x.process(t)
}
class Evil(x1: X, x2: X, t: x1.T) extends Z(x1, t) {
  override val x: X = x2 // breaks connection between x and t
}
// alarm bells should be ringing by now

// taking it to its conclusion...
object x1 extends X {
  override type T = Int
  override def process(t: T): Unit = println("Int: " + t)
}
object x2 extends X {
  override type T = String
  override def process(t: T): Unit = println("String: " + t)
}
new Evil(x1, x2, 42).process() // BOOM: basically did x2.process(42)

Output

No compiler error, and a ClassCastException when run.

Expectation

Compiler error of some kind.

The text was updated successfully, but these errors were encountered:

odersky · 2022-09-24T16:22:39Z

Good point. val overriding has been eyed with unease for a long time, but the objections were mostly about the weird initialization behavior. This might be the final straw to disallow it altogether.

odersky · 2022-09-24T16:59:17Z

I tried to construct a similar unsoundness example using just member val overriding (no val parameters) but failed. It would be good to find out whether that's just my lack of imagination or indeed it's necessary to have an overridden val parameter to exhibit the unsoundness.

We disallow overriding of val parameters, which fixes the soundness problem discovered in scala#16092. There is one exception: If a val parameter is overridden by another val parameter that can be shown to always have the same value (in the sense established by Paramforwarding.inheritedAccessor). This exception is needed to make a not-so-uncommon pattern of case class inheritance go through. Example: abstract class A(val x: Int) case class B(override val x: Int) extends A(x) case class C(override val x: Int) extends A(x) case object D extends A(0) Here, the `override val`s are necessary since case class parameters are always vals, so they do override the val in class A. It should be noted that the override val generates a second field, so this not a very efficient representation. A better design would be to use an abstract field in `A`: abstract class A { val x: Int } case class B(val x: Int) extends A case class C(val x: Int) extends A case object D extends A { val a = 0 } But that causes slightly more work for cases as in D. Which seems to be why the first pattern is sometimes used. It might be desirable to disallow the second pattern, but that would cause quite a bit of migration hassle since it requires synchronized changes at several places of a class hierarchy.

abgruszecki · 2022-09-27T12:53:17Z

For what it's worth, I took a look at this issue and I also can't find an example where a similar issue occurs without using val parameters. It seems that the real problem is allowing Evil to initialize x twice.

We disallow overriding of val parameters, which fixes the soundness problem discovered in #16092. There is one exception: If a val parameter is overridden by another val parameter that can be shown to always have the same value (in the sense established by Paramforwarding.inheritedAccessor). This exception is needed to make a not-so-uncommon pattern of case class inheritance go through. Example: abstract class A(val x: Int) case class B(override val x: Int) extends A(x) case class C(override val x: Int) extends A(x) case object D extends A(0) Here, the `override val`s are necessary since case class parameters are always vals, so they do override the val in class A. It should be noted that the override val generates a second field, so this not a very efficient representation. A better design would be to use an abstract field in `A`: abstract class A { val x: Int } case class B(val x: Int) extends A case class C(val x: Int) extends A case object D extends A { val a = 0 } But that causes slightly more work for cases as in D. Which seems to be why the first pattern is sometimes used. It might be desirable to disallow the first pattern, but that would cause quite a bit of migration hassle since it requires synchronized changes at several places of a class hierarchy. Fixes #16092

We disallow overriding of val parameters, which fixes the soundness problem discovered in scala#16092. There is one exception: If a val parameter is overridden by another val parameter that can be shown to always have the same value (in the sense established by Paramforwarding.inheritedAccessor). This exception is needed to make a not-so-uncommon pattern of case class inheritance go through. Example: abstract class A(val x: Int) case class B(override val x: Int) extends A(x) case class C(override val x: Int) extends A(x) case object D extends A(0) Here, the `override val`s are necessary since case class parameters are always vals, so they do override the val in class A. It should be noted that the override val generates a second field, so this not a very efficient representation. A better design would be to use an abstract field in `A`: abstract class A { val x: Int } case class B(val x: Int) extends A case class C(val x: Int) extends A case object D extends A { val a = 0 } But that causes slightly more work for cases as in D. Which seems to be why the first pattern is sometimes used. It might be desirable to disallow the second pattern, but that would cause quite a bit of migration hassle since it requires synchronized changes at several places of a class hierarchy.

howtonotwin added itype:bug stat:needs triage Every issue needs to have an "area" and "itype" label labels Sep 24, 2022

odersky mentioned this issue Sep 24, 2022

Code refactoring of initialization checker #16066

Merged

odersky mentioned this issue Sep 25, 2022

Disallow overriding val parameters #16096

Merged

jchyb added area:typer itype:soundness Soundness bug (it lets us compile code that crashes at runtime with a ClassCastException) and removed stat:needs triage Every issue needs to have an "area" and "itype" label labels Sep 25, 2022

odersky closed this as completed in #16096 Sep 27, 2022

Kordyjan added this to the 3.2.2 milestone Aug 1, 2023

som-snytt mentioned this issue Feb 17, 2024

Bad symbol is selected leading to ClassCastException. Regression from scala 2.13 #19711

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unsoundness from overriding vals #16092

Unsoundness from overriding vals #16092

howtonotwin commented Sep 24, 2022

odersky commented Sep 24, 2022

odersky commented Sep 24, 2022

abgruszecki commented Sep 27, 2022

Unsoundness from overriding vals #16092

Unsoundness from overriding vals #16092

Comments

howtonotwin commented Sep 24, 2022

Code

Output

Expectation

odersky commented Sep 24, 2022

odersky commented Sep 24, 2022

abgruszecki commented Sep 27, 2022